From 5b8a4b3888163dc204af854d75ffc1ce1a1e9589 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 10 Mar 2020 16:50:36 -0700 Subject: [PATCH 1/7] Update shadow-protection.md --- .../windows-defender-antivirus/shadow-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md b/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md index 46ca70b593..2fb0aa6ccd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md @@ -54,7 +54,7 @@ The following images shows an instance of unwanted software that was detected an |Requirement |Details | |---------|---------| -|Permissions |One of the following roles should be assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal):
- Security Administrator or Global Administrator
- Security Reader
See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions) | +|Permissions |One of the following roles should be assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal):
- Security Administrator or Global Administrator
- Security Reader
See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | |Operating system |One of the following:
- Windows 10 (all releases)
- Windows Server 2016 or later | |Windows E5 enrollment |This is included in the following subscriptions:
- Microsoft 365 E5
- The Identity & Threat Protection offering for Microsoft 365 E3 customers.
See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | |Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled.
See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus). | From bb085b8a889daaa8eda3d1961cabbeb1c0fa7b2b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 10 Mar 2020 16:51:36 -0700 Subject: [PATCH 2/7] Update shadow-protection.md --- .../windows-defender-antivirus/shadow-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md b/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md index 2fb0aa6ccd..8e3706c360 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md @@ -56,7 +56,7 @@ The following images shows an instance of unwanted software that was detected an |---------|---------| |Permissions |One of the following roles should be assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal):
- Security Administrator or Global Administrator
- Security Reader
See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | |Operating system |One of the following:
- Windows 10 (all releases)
- Windows Server 2016 or later | -|Windows E5 enrollment |This is included in the following subscriptions:
- Microsoft 365 E5
- The Identity & Threat Protection offering for Microsoft 365 E3 customers.
See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | +|Windows E5 enrollment |This is included in the following subscriptions:
- Microsoft 365 E5
- Microsoft 365 E3 together with the Identity & Threat Protection offering
See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | |Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled.
See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus). | |Windows Defender Antivirus antimalware client |To make sure your client is up to date, using PowerShell, run the `Get-MpComputerStatus` cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | |Windows Defender Antivirus engine |To make sure your engine is up to date, using PowerShell, run the `Get-MpComputerStatus` cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | From ff9a9dcb97212169c09f2aa92bad1cdaf8672125 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 11 Mar 2020 09:02:15 +0100 Subject: [PATCH 3/7] fix spacing and lint the document MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- ...ormation-protection-in-windows-overview.md | 67 +++++++++---------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md index 12d5e36306..800351a160 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md @@ -1,6 +1,6 @@ --- title: Information protection in Windows overview -ms.reviewer: +ms.reviewer: description: Learn about how information protection works in Windows to identify and protect sensitive information keywords: information, protection, dlp, wip, data, loss, prevention, protect search.product: eADQiWindows 10XVcnh 
@@ -13,60 +13,60 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual --- # Information protection in Windows overview + **Applies to:** + - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](../../includes/prerelease.md)] Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. - -Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. +Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. >[!TIP] > Read our blog post about how [Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/). - Microsoft Defender ATP applies the following methods to discover, classify, and protect data: + - **Data discovery** - Identify sensitive data on Windows devices at risk - **Data classification** - Automatically classify data based on common Microsoft Information Protection (MIP) policies managed in Office 365 Security & Compliance Center. 
Auto-classification allows you to protect sensitive data even if the end user hasn’t manually classified it. - **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label - ## Data discovery and data classification -Microsoft Defender ATP automatically discovers files with sensitivity labels and files that contain sensitive information types. -Sensitivity labels classify and help protect sensitive content. +Microsoft Defender ATP automatically discovers files with sensitivity labels and files that contain sensitive information types. +Sensitivity labels classify and help protect sensitive content. Sensitive information types in the Office 365 data loss prevention (DLP) implementation fall under two categories: + - Default - Custom -Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for). +Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for). Custom types are ones that you define and is designed to protect a different type of sensitive information (for example, employee IDs or project numbers). For more information see, [Create a custom sensitive information type](https://docs.microsoft.com/office365/securitycompliance/create-a-custom-sensitive-information-type). - -When a file is created or edited on a Windows device, Microsoft Defender ATP scans the content to evaluate if it contains sensitive information. 
+When a file is created or edited on a Windows device, Microsoft Defender ATP scans the content to evaluate if it contains sensitive information. Turn on the Azure Information Protection integration so that when a file that contains sensitive information is discovered by Microsoft Defender ATP though labels or information types, it is automatically forwarded to Azure Information Protection from the device. ![Image of settings page with Azure Information Protection](images/atp-settings-aip.png) -The reported signals can be viewed on the Azure Information Protection – Data discovery dashboard. +The reported signals can be viewed on the Azure Information Protection – Data discovery dashboard. -## Azure Information Protection - Data discovery dashboard -This dashboard presents a summarized discovery information of data discovered by bothMicrosoft Defender ATP and Azure Information Protection. Data from Microsoft Defender ATP is marked with Location Type - Endpoint. +## Azure Information Protection - Data discovery dashboard + +This dashboard presents a summarized discovery information of data discovered by both Microsoft Defender ATP and Azure Information Protection. Data from Microsoft Defender ATP is marked with Location Type - Endpoint. ![Image of Azure Information Protection - Data discovery](images/azure-data-discovery.png) - Notice the Device Risk column on the right, this device risk is derived directly from Microsoft Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Microsoft Defender ATP. Click on a device to view a list of files observed on this device, with their sensitivity labels and information types. 
@@ -74,47 +74,44 @@ Click on a device to view a list of files observed on this device, with their se >[!NOTE] >Please allow approximately 15-20 minutes for the Azure Information Protection Dashboard Discovery to reflect discovered files. +## Log Analytics - - -## Log Analytics Data discovery based on Microsoft Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data. -For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). +For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). -Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic). - -To view Microsoft Defender ATP data, perform a query that contains: +Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic). +To view Microsoft Defender ATP data, perform a query that contains: ``` -InformationProtectionLogs_CL -| where Workload_s == "Windows Defender" +InformationProtectionLogs_CL +| where Workload_s == "Windows Defender" ``` **Prerequisites:** + - Customers must have a subscription for Azure Information Protection. -- Enable Azure Information Protection integration in Microsoft Defender Security Center: +- Enable Azure Information Protection integration in Microsoft Defender Security Center: - Go to **Settings** in Microsoft Defender Security Center, click on **Advanced Settings** under **General**. - -## Data protection +## Data protection ### Endpoint data loss prevention -For data to be protected, they must first be identified through labels. + +For data to be protected, they must first be identified through labels. 
Sensitivity labels are created in Office 365 Security & Compliance Center. Microsoft Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them. -When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Microsoft Defender ATP is the Endpoint data loss prevention. - -For the endpoint data loss prevention, you'll need to turn on the Endpoint Data loss prevention and select Enable Windows end point protection (DLP for devices). +When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Microsoft Defender ATP is the Endpoint data loss prevention. +For the endpoint data loss prevention, you'll need to turn on the Endpoint Data loss prevention and select Enable Windows end point protection (DLP for devices). ![Image of Office 365 Security and Compliance sensitivity label](images/office-scc-label.png) -Once, the policy is set and published, Microsoft Defender ATP automatically enables WIP for labeled files. When a labeled file is created or modified on a Windows device, Microsoft Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. +Once, the policy is set and published, Microsoft Defender ATP automatically enables WIP for labeled files. When a labeled file is created or modified on a Windows device, Microsoft Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. -This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin. +This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin. 
For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md). @@ -127,10 +124,8 @@ Those information types are evaluated against the auto-labeling policy. If a mat > [!NOTE] > Auto-labeling is supported in Office apps only when the Azure Information Protection unified labeling client is installed. When sensitive content is detected in email or documents matching the conditions you choose, a label can automatically be applied or a message can be shown to users recommending they apply it themselves. - - For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md). - ## Related topics + - [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels) From 275dddf80a2bbe11fca6d0b3242a54edae7c065e Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Wed, 11 Mar 2020 11:24:19 +0200 Subject: [PATCH 4/7] Update minimum-requirements.md There is no such thing as Windows Server 2016, version 1803. The Semi-Annual Channel for Windows Server are named as follows: Windows Server, version 1709 Windows Server, version 1803 Windows Server, version 1809 Windows Server, version 1903 Windows Server, version 1909 https://support.microsoft.com/en-us/lifecycle/search?alpha=Windows%20Server%20version --- .../microsoft-defender-atp/minimum-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 50bd231776..d418314c95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md 
@@ -73,7 +73,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo - Windows Server 2008 R2 SP1 - Windows Server 2012 R2 - Windows Server 2016 - - Windows Server 2016, version 1803 + - Windows Server, version 1803 or later - Windows Server 2019 Machines on your network must be running one of these editions. From 5340f6cb39d771a329db4743909570f585a111ca Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 11 Mar 2020 11:48:14 -0700 Subject: [PATCH 5/7] update links --- .../microsoft-defender-atp/deployment-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md index f1a6ec7341..d27eeaea94 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md @@ -40,7 +40,7 @@ Depending on your environment, some tools are better suited for certain architec |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](./downloads/mdatp-deployment-strategy.pdf)
[PDF](./downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/live/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
  • Cloud-native
  • Co-management
  • On-premise
  • Evaluation and local onboarding
  • +|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](downloads/mdatp-deployment-strategy.pdf)
    [PDF](downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
    • Cloud-native
    • Co-management
    • On-premise
    • Evaluation and local onboarding
    • ## Related topics From 6d2246193d21ab88bd40fbfab12d9279257a7b43 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 11 Mar 2020 11:52:16 -0700 Subject: [PATCH 6/7] vsdx link --- .../microsoft-defender-atp/deployment-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md index d27eeaea94..e9f4744aaf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md @@ -40,7 +40,7 @@ Depending on your environment, some tools are better suited for certain architec |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](downloads/mdatp-deployment-strategy.pdf)
      [PDF](downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
      • Cloud-native
      • Co-management
      • On-premise
      • Evaluation and local onboarding
      • +|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](downloads/mdatp-deployment-strategy.pdf)
        [PDF](downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
        • Cloud-native
        • Co-management
        • On-premise
        • Evaluation and local onboarding
        • ## Related topics From 69a7de283eb258db5e1b4b7b1e560089a34a963a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 11 Mar 2020 11:59:45 -0700 Subject: [PATCH 7/7] update link --- .../microsoft-defender-atp/deployment-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md index e9f4744aaf..47e19acae2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md @@ -40,7 +40,7 @@ Depending on your environment, some tools are better suited for certain architec |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](downloads/mdatp-deployment-strategy.pdf)
          [PDF](downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
          • Cloud-native
          • Co-management
          • On-premise
          • Evaluation and local onboarding
          • +|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
            [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
            • Cloud-native
            • Co-management
            • On-premise
            • Evaluation and local onboarding
            • ## Related topics
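
Review bot: In PATCH 1/7 (shadow-protection.md, hunk at line 54), the Permissions row lists Security Reader beside Security Administrator and Global Administrator under "One of the following roles should be assigned" without saying what each role allows. Since the row is being edited anyway, state which role is the minimum needed to view the feature and which is needed to change it, so readers do not default to Global Administrator.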
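
Review bot: In PATCH 2/7 (shadow-protection.md, hunk at line 56), the reworded row is still labelled "Windows E5 enrollment" although its second bullet now reads "Microsoft 365 E3 together with the Identity & Threat Protection offering", and "This is included in the following subscriptions" never says what "This" is. Name the entitlement in the sentence, or retitle the row so that it does not read as an E5-only requirement.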
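
Review bot: In PATCH 3/7 (information-protection-in-windows-overview.md, hunk at line 13), the re-added sentence still contains the typo "though" in "discovered by Microsoft Defender ATP though labels or information types", which should be "through". The same hunk fixes "bothMicrosoft", so this one is worth picking up in the same pass, along with the context lines "Custom types are ones that you define and is designed to protect" (subject and verb disagree) and "a summarized discovery information".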
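
Review bot: In PATCH 3/7 (information-protection-in-windows-overview.md, hunk at line 74), the fence around the InformationProtectionLogs_CL query is re-added with no language identifier, which a markdown linter will continue to flag. Tag it as kusto, since it is a Log Analytics query. The re-added sentence "Once, the policy is set and published" also keeps its stray comma, and "Enable Windows end point protection" is inconsistent with "Endpoint" in the same paragraph, unless that string is the literal UI label.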
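
Review bot: In PATCH 4/7 (minimum-requirements.md, hunk at line 73), the new entry "Windows Server, version 1803 or later" sits between "Windows Server 2016" and "Windows Server 2019" with nothing marking it as a different release channel, although the commit message explains that these are Semi-Annual Channel names. Say so in the list item, and consider rewording the closing context line "must be running one of these editions", because the list mixes releases and versions rather than editions.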
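
Review bot: In PATCH 5/7 (deployment-strategy.md, hunk at line 40), the re-added table row still reads "On-premise" in the architecture list, where "On-premises" is the correct form. The Visio link also changes branch from blob/live to blob/public, and the subject "update links" gives no reason. Add a line to the commit message saying which branch the published site is built from, so the next editor does not revert it.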
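
Review bot: In PATCH 6/7 (deployment-strategy.md, hunk at line 40), switching the Visio link from blob/public to raw/public turns it into a direct download of a .vsdx file, but the link text is still just "Visio". Label it as a download, for example "Visio (download)", so readers know that selecting it fetches an Office document rather than opening a page.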
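
Review bot: In PATCH 7/7 (deployment-strategy.md, hunk at line 40), both PDF links go from the relative path downloads/mdatp-deployment-strategy.pdf to an absolute raw/public GitHub URL, so the table cell now hard-codes the repository path and branch three times. These links will break if the file moves or the branch is renamed. If the relative path did not resolve on the published site, say so in the commit message, because "update link" does not explain the change. Patches 5/7, 6/7 and 7/7 all rewrite this same row and could be squashed into one commit.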